Dynamics CRM (relative) newbie here.
I have an activity feed set up on a users dashboard (I used the Personal Wall web resource). If I look at the default posts for the Account view, everything is cool.
However, if I go and "follow" an Account when I look at my activity feed I can see other posts that relate to records that Account is involved with that are outside of my security role. For example, that Account has several Case records. My role has no permissions to Cases whatsoever, but there is the post in my activity feed. If I click on the case I get a prvReadPriviledge error which is correct, but I don't want users to do this - I don't want these posts to show up in their feeds at all, even if the are following the account.
These posts do need to show up in the feeds for people working Cases, however (and their roles will have read/write to the Case entity).
I'm not sure what do here.. can you help?
I believe that this is what you're looking for it's from Microsoft's site.
"The activity feeds walls are web resources that can be embedded in dashboards in context with relevant grids and visualizations. For example, you can embed the msdyn_/PersonalWall.htm web resource into a dashboard with specifying the HideUserProfile parameter. The default is value 1 (or, true), to hide the user profile, to unhide, use the value 0 (or, false). For more information about how to use web resources in dashboards, see Analyze data with dashboards."
Related
I am researching ServiceNow, I know next to nothing about it. Funny how the most obvious questions seem to be the hardest to Google. My specific question is about applications.
ServiceNow runs as SaaS, correct? So, if I build a ServiceNow application, for a user to access that application, they would open the ServiceNow platform in their browser, then they would have a menu of applications they could launch, correct?
Is it possible to host a ServiceNow application on a specific page, or on a website, or embed it in a SharePoint page, so I can give out a URL for a user to run the application? Or do they always have to navigate through the ServiceNow portal to run my application?
I know this sounds like a dumb question. But everything I have read assumes you already know this information, so a dumb, obvious question it has to be.
ServiceNow assumes that it is managing the entire window (or tab). You might be able to get something to work using HTML frames, but there is a good chance it would break with a future ServiceNow upgrade.
On the other hand, it possible to redirect a user into a specific ServiceNow page by constructing the appropriate URL. If the user does not already have an active session cookie then ServiceNow will prompt them to authenticate. You can redirect to a specific Service Portal page, or a specific catalog item or a specific record. You can redirect to a ServiceNow Dashboard. If you want to show a list of records, you can dynamically build a query. You can redirect into Agent Workspace or the classic platform UI. If directing into the classic platform UI you can show or hide the ServiceNow navigation menu based on whether or not your URL contains nav_to.do?.
There is a bit of an introduction on this page, although it really only scratches the surface:
https://docs.servicenow.com/bundle/sandiego-platform-user-interface/page/use/navigation/reference/r_NavigatingByURLExamples.html
If you want to drive ServiceNow from a web site or from SharePoint, then you just need to construct the right URL which will open ServiceNow in a new browser tab.
I have created a dashboard using aws quicksight. Now, I want to embed it into a web portal. My requirements are -
I want to show these dashboards only to specific users among all the people who access our web portal.
Currently, that user list is fixed. But, if I want to give permissions to any new user, I want to be know the different ways to do that
Can someone tell me embedding process in detail ? I have went through these aws quicksight resources about embedding - 1. link 2. link. But, I am finding it difficult to understand about the access management part and retrieving the dashboard URL part. I am using javascript.
I received this message for the second time and i still dont understand why. Can someone help me?
Action required: Critical problem with your Google Cloud/API project
Youtube API (id: tonal-topic-123301)
Dear Developer, We have recently
detected that your Google Cloud/API project Youtube API (id:
tonal-topic-123301) is using a Google product name as the project name
shown to users on the OAuth consent screen, which violates the Google
API Services: User Data Policy. You can fix the problem by revising
the project name and other relevant content so that the OAuth consent
screen shown to users accurately reflects the identity of your
application. To revise the project name visible to users, please take
the following steps:
Please review the Google API Services: User Data Policy, specifically
the following section- "Do not make false or misleading statements
about any entities that have allegedly authorized or managed your
application. You must accurately represent the company, organization,
or other authority that manages your application. Making false
representations about client credentials to Google or Google users is
grounds for suspension."
Sign in to the Google Cloud Platform Console.
Select your project.
On the Home Page Dashboard, select Go to APIs overview under APIs.
In API manager, select Credentials on the left bar, then select OAuth
consent screen. Change the name in the field under Product name shown
to users and then click on Save. We will suspend your Cloud project in
3 days unless you correct the problem. Please submit an appeal if you
have any questions. Please note that you should be logged in as the
project owner to access the appeals page. For more help on submitting
an appeal or to learn more about the process check the Policy
Violation FAQ. Please take a moment to review the Google API Services:
User Data Policy, the Google API Terms of Service, the Google Cloud
Terms of Service and the applicable Terms of Service for the specific
Google API you are using so that you do not violate our terms and
policies in the future.
This is obviously a naming issue regarding something in the google product range.
You Should be able to re-name your project to solve this.
If not, try a Google forum or help pages.
The problem you are having is that Google does not allow you to use a Google product name as the name of your in your application. Users can become confused and assume your third party application was created by them.
How to fix it:
Go to Google Developer console find the credentials screen. Click on the Oauth consent screen tab at the top rename your application.
Note: If you don't do this google is going to shut down your application they are very picky about this.
I am building an app with Role based Security. I have built my Record Types (Projects, Accounts, HistoryLog, Financial, Customer, etc) in Cloudkit Dashboard, and I have created Security Roles as well. I have roles named: Executive and DeptManager. I have assigned to the Record Types the appropriate access by Role. I have also assigned to the user in the special Record Type "Users" the role of either Executive or DeptManager.
I have successfully accessed and manipulated data in the Record Types. Now I am implementing Role based viewing in the App. So on the first view there is a log in "like" feature, so after i discover the user, I want to display the Roles of that user in a PickerView for them to select. Once they select a role I will them take them to the appropriate view. For example I may have the role of both DeptManager and Executive. If today I select DeptManager, I will be taken to a view that allows me to enters Production Metrics. If another day I select Executive, I will see performance metrics for all the departments that report to me.
Here is an image from CloudKit Dashboard showing the info I'm trying to retrieve. Thanks in advance for any advice.
Currently it is not possible to get the roles a user is in. At the moment the information that is returned from the discoverUserInfoWithUserRecordID is very limited. I also hope it will be extended soon. Currently you only get a userRecordID, first name and last name. If you do want such functionality, then the only solution is creating a shadow registration which you could query. You then would have a challenge keeping these 2 in sync. That has to be done manually.
Ok, so imagine a bank has a call-centre filled with low-trust staff. The staff need to provide basic service to customers over the phone. The call centre staff take calls from a customer, ask them certain security questions, and then service the accounts in some way.
Now, from the customer's point of view, the bank is verifying who they are by asking the security questions. This is subtly different from the bank's point of view: It is verifying that the call centre employee is talking to the customer.
Why is this difference important? The bank wants to restrict these low trust staff, so they cannot view any details of the accounts until the customer calls them. So a call centre employee can't browse account details of customers that haven't just contacted him and asked for service.
So the question is:
Is this sort of setup possible in Dynamics CRM 2011? How would one go about implementing it? Some level of customization would be OK, but a bespoke application driven from the CRM data is not.
I'm thinking that maybe it's possible to create a custom component that temporarily modifies the user's permissions to a record (and all its children) after answering some security questions. However, I'm not even sure that record-based security (beyond Ownership) is supported in CRM...? I guess one could temporarily assign ownership to the user. Is that wise?
Please note: Simply hiding views & find buttons from the GUI isn't the sort of level of security we're looking for here. We're looking to literally restrict the user from accesing the records in question.
I can see a couple of options:
Working within the permissions model. This could work. You could have access restricted by default, and then have another entity where you'd enter in the account details, a plugin would run and verify the details, and then share the record to the current user. I'd be a little concerned, however, on how the unsharing would work. What would trigger it? Would there be a process that just runs outside of CRM and unshares records periodically. What if that process fails? We've also had performance issues in the past with this type of model... CRM seems to do a lot of work under the hood every time an individual record's permissions are changed like this.
Reassigning the owner, as you suggest. Would multiple users ever need to look at the same data? Does the owner of the record need to be maintained for any other reason (e.g. This is Joe's account because he's the owner).
Working exclusively with plugins. You could have a plugin registered on Retrieve and RetrieveMultiple of a record. This plugin could filter out all the details you want to hide from the end user. When the user needs to view the rest of the data, they fill out a form or dialog or something with the data. This data is then included in the Retrieve call for the record. The plugin checks for the hidden data, verifies that it's there and correct, then strips it out and lets the request continue, only this time it retrieves all attributes, and the form populates as expected.
Disclaimer: this answer is based on plenty of CRM 4.0 experience and reading the release notes for 2011.
Short answer: no.
Long answer: yes, but the customisation would be major. The 'easiest' option that springs to mind, is that the authentication process is carried out as a bespoke asp.net page that either a) uses a service account to re-assign an entity to an individual and then returns them to the relevant CRM form, then a plug in that re-assigns it back on saving changes
or
b) has it's own set of forms to that update and retrieve information as a service account, and only do so after answering the security questions.
As an aside, any kind of 'scripted' form is almost impossible in CRM 4.0. I believe 2011 slightly improves on that, but what I've seen is still not encouraging. Using CRM in a contact centre for us has meant investing in a piece of third party form building software and creating bespoke forms that can be launched from CRM and return data via the web services (which are impressively flexible). We only use the CRM interface for viewing historic requests - even most updates trigger one of the bespoke forms.
If I was to implement such a scenario I would create a customer access record (new_custaccess) that is linked to the customer record (new_customer). For this example - keeping it simple - I'm going to assume that the customer has a simple access code they must provide before the bank employee (Operator) can access the record. The access code is stored on new_custaccess in a field (new_secretcode).
Security is that the Operator has no privileges to new_customer and read/update privileges to new_custaccess.
There is a single field (new_secretcodeoperator) on new_custaccess that the operator can update. All other fields are restricted from update (and, if appropriate, read) to the Operator.
When the Customer calls and the Operator searches for the appropriate new_custaccess record. Once they locate the record they enter the Customer provided secret code into the field new_secretcode and do a save.
A Pre-Update query executes on new_custaccess in the context of a user with full privileges (call it MASTER, for fun here.) That plug-in checks to see if the provided code matches the secret code. If it doesn't it throws an error and the Operator can retry. If it does match the plug-in strips the field new_secretcodeoperator from the record, to keep it from saving the value. It also shares appropriate permission on the record new_customer to the appropriate operator.
The Operator now has access to the Customer record (you'll have to decide whether to cascade permissions or share on each record - that decision is beyond this discussion.)
We now need to deal with rescinding permission on the Customer record. I would handle this by having an entity new_customeraccess that is generated by the previous plug-in whenever access is granted to a Customer record. A workflow should be triggered on Create of new_customeraccess that cause new_customeraccess to be updated every 20 minutes (or whatever time the client prefers.)
A plugin is registered on Update of new_customeraccess that fires when the field updated by the workflow is modified. This plug-in will determine - via whatever criteria is decided on by the business - whether to continue sharing or revoke sharing.
I would also create some javascript/html based pop-up from the new_customer ribbon to end sharing by updating a field on new_customeraccess. Provide the Operator with limited Update privs on new_customeraccess via field level security.
This should accomplish what you want without going outside the standard CRM customization model. Not exactly sure of where you draw the line on bespoke but this is probably as close as you'll get to OOTB. A few plug-ins are all the C# you'll need. And the only JavaScript will be for usability, not functionality.
Let me know if you have questions.